What are my options if I want to keep my game as an applet but allow player vs player network play?
The only problem I can think of is how I would obtain the IP’s of the server and post them on the website for the client users to play versus? I know I can use jdbc to write user scores and stuff to the sql database or at least I think so.
You’ll need a server on at least 1 machine. All applets loaded from that location can then talk to each other through the server.
Good PvP is hard! …but it can be done.
thats what I was afraid of. I have a mysql database and php but not root its not a vpn so thats not an option ;s. lol maybe I should of researched this before I wrote most of the game! I was thinking of doing something like http://www.ttadvance.ca but w/ java in browser. I guess I could make it like worms and have two play on one keyboard. But that would require a friend /wrist lol j/k.
I think I need to use php for talking to the database as thats more secure? Just unsure of how that would work. insted of doing client to client just have clients read from database and have clients send moves to database. client waits to see if move has occured or something like that. I know how to do this in straight java but it would be unsecure as someone could just decompile and find root pw or raw sql.
That’s why you should have a dedicated server that acts as middle-man between clients and the database.
any way that that information could be hidden? Or would it be easy to find out the password in the applet since its being sent out?
You don’t need to give the Applet the password. All you need is to give your server a command to store this or do that and your server will handle it.
Well I was trying to think up a method in which I wouldn’t need a server and somehow I could just use the mysql database. I am almost done writing it but its not secure at all lol.
There are no scenarios where you would directly access a database securely without a middle man server.
Lame but I know thats the answer hehe.
There is (one?) if you define securely in a loose manner. A user with only select privileges on a set number of tables could access a database securely (as in, couldn’t compromise the data, not securely as in no one being able to figure out the password), but I’d never recommend it to anyone.
If you do updates or inserts expect the database to be full of junk.
All in all, use an application server.
Mike
No because if he wants everyone to use the application, then all users should be allowed. 
And by securely I really mean without being able to figure out the password to the database by, say, using tcpdump.
You should also encrypt your data, instead of using plain Strings back and forth. The simplest way is to send objects using ObjectOutputStream and ObjectInputStream. Java serialization will handle the “encryption” (aka, the object graph that looks like a bunch of junk).
Hope that helped ;D
right now I am rewriting code to connect to http to run php code that gets moves through gets. I will eventually want to encrypt that so thank you for the advise.